Flag-day: Auto-format and lint with black, isort, pylint and bandit + add to CI #439
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add black, isort, pylint and bandit to test requirements - Update indent in editorconfig to match black (4 spaces) - Add basic pylintrc file (copy-pasted from python-tuf) - gitignore pre-commit config Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Used command: `black --line-length=80 --extend-exclude=_vendor .` Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Used command:
```
isort --line-length=80 --extend-skip-glob='*/_vendor' \
--profile=black --project=securesystemslib .
```
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Inline-disable all non-error/fatal pylint issues raised by running `pylint -j 0 --rcfile=pylintrc securesystemslib tests`, by adding inline comments a la `"# pylint: disable=<issue>[, ...]"`. This allows running pylint on future PRs without spending much effort on existing code, whose future is uncertain (see secure-systems-lab#270). The patch was created mostly automatically with this script: https://gist.github.com/lukpueh/41026a3a7a594164150faf5afce94774 Unfortunately, both black and isort reformat inline comments in a way that pylint won't consider them anymore. Thus, some manual adjustments after running above script were necessary. https://black.readthedocs.io/en/stable/faq.html#why-does-my-linter-or-typechecker-complain-after-i-format-my-code Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Remove outdated original function. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
This seems to be a false positive related to unpacking a tuple in a for loop. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Inline-disable low/medium-severity bandit issues raised by running `bandit --recursive securesystemslib --exclude _vendor`, by adding inline comments a la `"# nosec"`. This allows running bandit on future PRs without spending much effort on existing code, whose future is uncertain (see secure-systems-lab#270). Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
- Add 'lint' tox environment that runs black, isort and bandit, and mypy (moved from its own env). - Run new tox env in ci GitHub Action. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
For usage and details see: https://black.readthedocs.io/en/stable/guides/introducing_black_to_your_project.html Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
lukpueh
force-pushed
the
format-and-lint-autodisable
branch
from
7a4c00b
to
b831bd2
Compare
jku
approved these changes
Oct 21, 2022
This was referenced Oct 21, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes: #243
Description of the changes being introduced by the pull request:
The most important changes of this PR include:
blackandisortpylintandbanditlinters for all non-critical issues(note: fixing those issues here would make review quite difficult, and might be wasted effort, given the uncertain future of some of these modules)
I strongly suggest to review commit by commit and consider below review hints:
minimal functional changes; biggest chunk of the diff is a new
pylintrc, which is copy-pasted from python-tufmassive purely non-functional change; can be reproduced by running the commands in the commit messages at those commits
massive purely non-functional changes, but repetitive and thus easy to review; unfortunately not automatically reproducible, because the patches required many manual adjustments
minimal functional changes; easy to review commit by commit
Please verify and check that the pull request fulfils the following requirements: